Dissertation/Thesis Abstract

Proactive cyberfraud detection through infrastructure analysis
by Kalafut, Andrew J., Ph.D., Indiana University, 2010, 153 pages; 3423688
Abstract (Summary)

Internet users are threatened daily by spam, phishing, and malware. These attacks are often launched using armies of compromised machines, complicating identification of the miscreants behind the attacks. Unfortunately, most current approaches to fight these problems are reactive in nature, allowing significant damage before security measures are adapted to new attacks. For example, blacklisting prevents communications with known malicious hosts, but many users may fall victim to an attack before blacklists are updated. In this dissertation we argue for a proactive approach to fighting cybercrime. Our approach relies on the observation that to avoid attribution and to stay up amidst take-down attempts, miscreants must provision their infrastructure differently than legitimate web sites. Thus, we propose to proactively identify malicious activity using unique characteristics of malicious web site provisioning. Specifically, using near real-time feeds of malicious web hosts, we investigate the extent to which miscreants use five specific provisioning practices. The first three are based on the Domain Name System (DNS), which translates host names to IP addresses. We first examine fast-flux, a practice where the association between name and address changes much more frequently than usual. We then investigate the use of DNS wildcards, which point many host names to a single address. Next, we examine the use of orphan DNS servers, which are DNS servers in non-existent domains. Then, we study the concentration of malicious activity in certain networks. Finally, we examine web redirects, which may appear to be links to legitimate web sites but in reality trick users into visiting malicious sites. We find that although good web sites sometimes make use of some of these techniques, malicious web sites are more likely to use them. Consequently, their presence can be used for proactive identification of malicious web sites.
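The three DNS-based indicators the abstract describes, as an added example that is not part of the dissertation: detection heuristics for fast-flux, wildcard and orphan-name-server provisioning, run over constructed DNS observations. The observation layout, the stand-in resolver (`ZONES`/`resolve`) and the thresholds are assumptions, not values from the thesis.

```python
from collections import namedtuple

# One DNS lookup observation: queried name, returned TTL, and the A records seen.
Obs = namedtuple("Obs", "name ttl addrs")

# Constructed sample data: repeated lookups of two hosts over time (RFC 5737 addresses).
FLUX_OBS = [
    Obs("login-verify.example", 180, {"198.51.100.7", "203.0.113.9"}),
    Obs("login-verify.example", 180, {"192.0.2.44", "198.51.100.80"}),
    Obs("login-verify.example", 300, {"203.0.113.120", "192.0.2.3"}),
]
STABLE_OBS = [
    Obs("www.example", 86400, {"192.0.2.10"}),
    Obs("www.example", 86400, {"192.0.2.10"}),
]

# Constructed stand-in for a resolver: name -> addresses. A "*.<domain>" key models
# a wildcard record; any other name is treated as NXDOMAIN and resolves to None.
ZONES = {
    "www.example": {"192.0.2.10"},
    "ns1.example": {"192.0.2.53"},
    "*.promo-clicks.example": {"203.0.113.66"},
    "ns1.promo-clicks.example": {"203.0.113.53"},
}

def resolve(name):
    if name in ZONES:
        return ZONES[name]
    parent = name.partition(".")[2]
    return ZONES.get("*." + parent)

def domain_exists(domain):
    """True if the zone data holds any record at or below `domain`."""
    return any(k == domain or k.endswith("." + domain) for k in ZONES)

def is_fast_flux(observations, max_ttl=600, min_distinct=5):
    """Fast-flux heuristic: short TTLs plus an address set that churns across lookups."""
    distinct = set().union(*(o.addrs for o in observations))
    return max(o.ttl for o in observations) <= max_ttl and len(distinct) >= min_distinct

def has_wildcard(domain, probe="zz7q4-never-registered"):
    """Wildcard heuristic: a label nobody would have created still resolves."""
    return resolve(f"{probe}.{domain}") is not None

def orphan_name_servers(ns_hosts):
    """Orphan NS heuristic: the server's own parent domain has no records at all."""
    return [ns for ns in ns_hosts if not domain_exists(ns.partition(".")[2])]
```

As the abstract notes, legitimate sites (CDNs with short TTLs, hosting providers with wildcards) trigger these heuristics too, so they are inputs to a classifier rather than verdicts on their own.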

Indexing (document details)
Advisor: Gupta, Minaxi
Committee: Bramley, Randall; Hill, Raquel; Myers, Steven
School: Indiana University
Department: Computer Sciences
School Location: United States -- Indiana
Source: DAI-B 71/11, Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Computer science
Keywords: Cyberfraud, Infrastructure, Security
Publication Number: 3423688
ISBN: 9781124247366